[Bug binutils/29922] New: Huge memory allocation in nm

From: pdeng21 at m dot fudan.edu.cn
Subject: [Bug binutils/29922] New: Huge memory allocation in nm
Date: Tue, 20 Dec 2022 12:05:43 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=29922
Bug ID: 29922
Summary: Huge memory allocation in nm
Product: binutils
Version: 2.39
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: pdeng21 at m dot fudan.edu.cn
Target Milestone: ---
Created attachment 14528
--> https://sourceware.org/bugzilla/attachment.cgi?id=14528&action=edit
POC
#Summary
There is a huge memory allocation vulnerability in nm-new, which can be
triggered by a crafted ELF file.
#Verification
git clone git://sourceware.org/git/binutils-gdb.git
CC="clang -fsanitize=address" CXX="clang++ -fsanitize=address" ./configure --disable-shared && make -j$(nproc)
./binutils/nm-new -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D poc
#ASAN
./binutils/nm-new: poc: invalid string offset 2147483648 >= 472 for section
`.ung.ab'
./binutils/nm-new: poc: invalid string offset 32768 >= 472 for section
`.ung.ab'
./binutils/nm-new: poc: invalid string offset 65280 >= 472 for section
`.ung.ab'
./binutils/nm-new: poc: invalid string offset 4076863487 >= 472 for section
`.ung.ab'
./binutils/nm-new: poc: invalid string offset 65408 >= 472 for section
`.ung.ab'
poc:0000000000050000 a
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc:0000000000130003 a
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc:0000000000000008 0000000000000008 C __afl_global_area_ptr
poc:0000000000000650 00000000e8ff00c9 T CatPath./binutils/nm-new: BFD (GNU
Binutils) 2.39.50.20221220 assertion fail ./dwarf2.c:5038
./binutils/nm-new: BFD (GNU Binutils) 2.39.50.20221220 assertion fail
./dwarf2.c:5038
=================================================================
==7488==ERROR: AddressSanitizer: allocator is out of memory trying to allocate
0x5100001e69 bytes
#0 0x493fed in malloc (/binutils-gdb/binutils/nm-new+0x493fed)
#1 0x4e3683 in bfd_malloc /binutils-gdb/bfd/libbfd.c:289:9
#2 0x5f4d44 in _bfd_dwarf2_find_nearest_line_with_alt
/binutils-gdb/bfd/./dwarf2.c:5777:9
#3 0x5f4b7b in _bfd_dwarf2_find_nearest_line
/binutils-gdb/bfd/./dwarf2.c:5717:10
#4 0x4c8224 in print_symbols /binutils-gdb/binutils/nm.c:1403:7
#5 0x4c8224 in display_rel_file /binutils-gdb/binutils/nm.c:1530:5
#6 0x4c4b42 in display_file /binutils-gdb/binutils/nm.c:1680:7
#7 0x4c3f0d in main /binutils-gdb/binutils/nm.c:2197:12
#8 0x7f36e8907c86 in __libc_start_main
/build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
==7488==HINT: if you don't care about these errors you may set
allocator_may_return_null=1
SUMMARY: AddressSanitizer: out-of-memory
(/binutils-gdb/binutils/nm-new+0x493fed) in malloc
==7488==ABORTING
#Environment
Ubuntu 18.04
clang 10.0.0
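Added example, not part of this report or of binutils: a Python script that applies the kind of bounds checks the nm warnings above reflect. It constructs a small ELF64 in memory (a constructed sample, not the attached poc) whose second symbol carries an st_name offset of 2147483648 and whose last section claims sh_size 0x5100001e69, the allocation size in the ASAN trace, and audit_elf rejects both before any buffer is sized from them. The struct layouts are the standard Elf64_Ehdr/Shdr/Sym; the function names and the sample's section names are choices made for this example.

```python
import struct

# ELF64 little-endian layouts (standard Elf64_Ehdr / Elf64_Shdr / Elf64_Sym field order).
EHDR_FMT, SHDR_FMT, SYM_FMT = "<HHIQQQIHHHHHH", "<IIQQQQIIQQ", "<IBBHQQ"
EHDR_SIZE, SHDR_SIZE, SYM_SIZE = 64, 64, 24
SHT_PROGBITS, SHT_SYMTAB, SHT_STRTAB, SHT_NOBITS = 1, 2, 3, 8


def pack_shdr(name, sh_type, offset, size, link=0, entsize=0):
    return struct.pack(SHDR_FMT, name, sh_type, 0, 0, offset, size, link, 0, 1, entsize)


def build_sample_elf(bad_symbol=True, oversized_section=True):
    """Constructed sample (not the attached poc): a minimal ELF64 with .strtab,
    .symtab and, optionally, a section whose sh_size cannot fit in the file."""
    strtab = b"\0main\0foo\0"                                 # 10 bytes
    syms = b"\0" * SYM_SIZE                                   # index 0: null symbol
    syms += struct.pack(SYM_FMT, 1, 0x12, 0, 1, 0x1000, 8)    # st_name -> "main"
    # Second symbol names "foo" (offset 6) or an offset far past the 10-byte
    # string table, the condition nm reports as "invalid string offset".
    syms += struct.pack(SYM_FMT, 0x80000000 if bad_symbol else 6, 0x12, 0, 1, 0x2000, 8)
    shstrtab = b"\0.strtab\0.symtab\0.shstrtab\0.debug_info\0"
    strtab_off = EHDR_SIZE
    symtab_off = strtab_off + len(strtab)
    shstr_off = symtab_off + len(syms)
    shoff = shstr_off + len(shstrtab)
    shdrs = b"\0" * SHDR_SIZE                                 # index 0: SHN_UNDEF
    shdrs += pack_shdr(1, SHT_STRTAB, strtab_off, len(strtab))
    shdrs += pack_shdr(9, SHT_SYMTAB, symtab_off, len(syms), link=1, entsize=SYM_SIZE)
    shdrs += pack_shdr(17, SHT_STRTAB, shstr_off, len(shstrtab))
    if oversized_section:
        # sh_size taken from the allocation size in the ASAN report above.
        shdrs += pack_shdr(27, SHT_PROGBITS, shoff, 0x5100001E69)
    shnum = len(shdrs) // SHDR_SIZE
    ehdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8      # ELFCLASS64, little-endian
    ehdr += struct.pack(EHDR_FMT, 1, 62, 1, 0, 0, shoff, 0, EHDR_SIZE, 0, 0,
                        SHDR_SIZE, shnum, 3)
    return ehdr + strtab + syms + shstrtab + shdrs


def audit_elf(data):
    """Return a list of findings; empty means every section and every symbol
    name reference checked here lies inside the file."""
    if len(data) < EHDR_SIZE or data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        return ["not a little-endian ELF64 file"]
    fields = struct.unpack_from(EHDR_FMT, data, 16)
    shoff, shentsize, shnum, shstrndx = fields[5], fields[10], fields[11], fields[12]
    # Compare sizes against the bytes remaining after the offset rather than
    # computing offset + size, so the same logic ports to C without overflow.
    if shentsize != SHDR_SIZE or shoff > len(data) or shnum * shentsize > len(data) - shoff:
        return [f"section header table at {shoff} runs past end of file ({len(data)} bytes)"]
    shdrs = [struct.unpack_from(SHDR_FMT, data, shoff + i * shentsize) for i in range(shnum)]

    def sec_name(sh):
        if shstrndx >= shnum or sh[0] >= shdrs[shstrndx][5]:
            return "?"
        base, limit = shdrs[shstrndx][4], shdrs[shstrndx][4] + shdrs[shstrndx][5]
        end = data.find(b"\0", base + sh[0], limit)
        return data[base + sh[0]:end if end != -1 else limit].decode("ascii", "replace")

    findings = []
    for sh in shdrs[1:]:
        _, sh_type, _, _, off, size, link, _, _, entsize = sh
        if sh_type == SHT_NOBITS:
            continue                                          # .bss-style, no file bytes
        if off > len(data) or size > len(data) - off:
            findings.append(f"section `{sec_name(sh)}': sh_size {size:#x} at offset "
                            f"{off:#x} exceeds file size {len(data)}")
            continue
        if sh_type != SHT_SYMTAB:
            continue
        if link >= shnum or shdrs[link][1] != SHT_STRTAB:
            findings.append(f"section `{sec_name(sh)}': sh_link {link} is not a string table")
            continue
        strsz, entsize = shdrs[link][5], entsize or SYM_SIZE
        for i in range(size // entsize):
            st_name = struct.unpack_from(SYM_FMT, data, off + i * entsize)[0]
            if st_name >= strsz:                              # same check nm reports on
                findings.append(f"invalid string offset {st_name} >= {strsz} "
                                f"for section `{sec_name(shdrs[link])}'")
    return findings


if __name__ == "__main__":
    for line in audit_elf(build_sample_elf()):
        print(line)
```

Run stand-alone it prints one line for the out-of-range symbol name and one for the section whose sh_size exceeds the file; a well-formed sample (build_sample_elf(False, False)) produces no findings. The point for a reader of the trace above is that every size a parser later hands to malloc should first be bounded by the bytes actually present in the input, and that the comparison must be written in the overflow-safe form.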